rhsa-2003_290
Vulnerability from csaf_redhat
Published
2003-09-30 12:16
Modified
2024-11-21 22:52
Summary
Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold

Notes

Topic
Updated versions of Stronghold 4 cross-platform are available that fix several security issues affecting OpenSSL and mod_ssl. A number of bug fixes and new features are also included.
Details
Stronghold 4 contains a number of open source technologies, including OpenSSL 0.9.6 and mod_ssl. NISCC testing of implementations of the SSL protocol uncovered two bugs in OpenSSL 0.9.6. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash. A remote attacker could trigger this bug by sending a carefully crafted SSL client certificate to the Stronghold Web server, which would cause the server child process handling the request to terminate. The effects of such an attack would be limited, as Apache is designed to handle this situation. In most cases, an attack would simply cause increased server load, which would only last as long as an attacker continues to make malicious connections. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to this issue. Ben Laurie found a bug in the optional renegotiation code in mod_ssl that can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0192 to this issue. Users of Stronghold 4 cross-platform are advised to update to these errata versions, which contain backported security fixes and are not vulnerable to these issues. Red Hat would like to thank NISCC, Stephen Henson, and Ben Laurie for their work on these vulnerabilities.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of Stronghold 4 cross-platform are available that fix\nseveral security issues affecting OpenSSL and mod_ssl.  A number of bug\nfixes and new features are also included.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Stronghold 4 contains a number of open source technologies, including\nOpenSSL 0.9.6 and mod_ssl.\n\nNISCC testing of implementations of the SSL protocol uncovered two bugs in\nOpenSSL 0.9.6.  The parsing of unusual ASN.1 tag values can cause OpenSSL\nto crash.  A remote attacker could trigger this bug by sending a carefully\ncrafted SSL client certificate to the Stronghold Web server, which would\ncause the server child process handling the request to terminate.  The\neffects of such an attack would be limited, as Apache is designed to handle\nthis situation.  In most cases, an attack would simply cause increased\nserver load, which would only last as long as an attacker continues to make\nmalicious connections.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2003-0543 and CAN-2003-0544 to\nthis issue.  \n\nBen Laurie found a bug in the optional renegotiation code in mod_ssl\nthat can cause cipher suite restrictions to be ignored. This is triggered\nif optional renegotiation is used (SSLOptions +OptRenegotiate) along with\nverification of client certificates and a change to the cipher suite over\nthe renegotiation.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0192 to this issue.\n\nUsers of Stronghold 4 cross-platform are advised to update to these errata\nversions, which contain backported security fixes and are not vulnerable to\nthese issues.\n\nRed Hat would like to thank NISCC, Stephen Henson, and Ben Laurie for their\nwork on these vulnerabilities.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:290",
        "url": "https://access.redhat.com/errata/RHSA-2003:290"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.niscc.gov.uk/",
        "url": "http://www.niscc.gov.uk/"
      },
      {
        "category": "external",
        "summary": "http://www.openssl.org/news/secadv_20030930.txt",
        "url": "http://www.openssl.org/news/secadv_20030930.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_290.json"
      }
    ],
    "title": "Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-21T22:52:00+00:00",
      "generator": {
        "date": "2024-11-21T22:52:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:290",
      "initial_release_date": "2003-09-30T12:16:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-30T12:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-10-03T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:52:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Stronghold 4",
                "product": {
                  "name": "Red Hat Stronghold 4",
                  "product_id": "Red Hat Stronghold 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:stronghold:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold Cross Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0192",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616998"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it:\nhttp://rhn.redhat.com/errata/RHSA-2003-244.html\n\nRed Hat Enterprise Linux 3 contained a backported patch to correct this issue since release.  This issue does not affect the versions of Apache in Enterprise Linux 4 or later.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616998",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616998"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0192"
        }
      ],
      "release_date": "2003-07-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0543",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0543"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0543"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    },
    {
      "cve": "CVE-2003-0544",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "104893"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.\n\nThe OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Stronghold 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "RHBZ#104893",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104893"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0544"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0544"
        }
      ],
      "release_date": "2003-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-30T12:16:00+00:00",
          "details": "Updated Stronghold 4 packages are now available via the update agent\nservice.  Run the following command from the Stronghold 4 install root to\nupgrade an existing Stronghold 4 installation to the new package versions:\n\n$ bin/agent\n\nThe Stronghold 4.0g patch release which contains these updated packages is\nalso available from the download site.\n\nAfter upgrading Stronghold, the server must be completely restarted by\nrunning the following commands from the install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nrefer to http://stronghold.redhat.com/support/upgrade-sh4",
          "product_ids": [
            "Red Hat Stronghold 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:290"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.